December 3, 2019

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching “Location Services” to “off”). When one does this, the location services indicator — a small diagonal upward arrow to the left of the battery icon — no longer appears unless Location Services is re-enabled.

The policy continues: “You can also disable location-based system services by tapping on System Services and turning off each location-based system service.” But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.

On Nov. 13, KrebsOnSecurity contacted Apple to report this as a possible privacy bug in the new iPhone Pro and/or in iOS 13.x, sharing a video showing how the device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on).

The video above was recorded on a brand new iPhone 11 Pro. The behavior appears to persist in the latest iPhone operating system (iOS 13.2.3) on iPhone 11 Pro devices. A review of Apple’s support forum indicates other users are experiencing the same issue. I was not able replicate this behavior on an older model iPhone 8 with the latest iOS.

This week Apple responded that the company does not see any concerns here and that the iPhone was performing as designed.

“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].

Apple has not yet responded to follow-up questions, but it seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services.

Granted, the latest versions of iOS give users far more granular control over the sharing of this data than in the past, especially with respect to third-party apps. And perhaps this oddity is somehow related to adding support for super-fast new WiFi 6 routers, which may have involved the introduction of new hardware.

But it would be nice to know what has changed in the iPhone 11 and why, particularly given Apple’s recent commercials on how they respect user privacy choices — including location information. This post will be updated in the event Apple provides a more detailed response.

Update, Dec. 5, 2:53 p.m. ET: Apple disclosed today that this behavior is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it. More information can be found at this story.


73 thoughts on “The iPhone 11 Pro’s Location Data Puzzler

  1. Caleb

    There is a much bigger issue here which everyone seems to be looking past and that is the massive database of SSID locations that is being built by Google, Apple and other mapping companies. This is incredibly valuable data for augmenting GPS and GLONASS to determine your location inside of a building or store but it can also be easily used to determine where you live or where you frequently visit. With some of these data sets now publicly available in open source format pretty much anyone that can guess your SSID can figure out where you live. With people using their names in their SSIDs this is a pretty easy to figure out. Or, if I want to put in a little extra work with a WiFi Pineapple I can just get near you and your phone is regularly broadcasting out all of the SSIDs you frequently connect to looking for those networks. It only takes a few minutes to figure out which SSID is likely your home address and then look it up in one of these databases to find where that SSID is broadcasting from. As long as your SSID is unique it is a huge privacy concern.

    1. John

      WiFi is just a auditory-based unplugged ethernet cable floating in front of all devices that support it. Should be turned off at all times you don’t use it in your house. It’s despicable some things only support WiFi, it’s so insecure.

    2. John

      While I would prefer to see security solutions that would address this types of problems be address at the design and implementation stage of these products (which I believe is your point) the situation could be improved with positive “social engineering”.

      When defining the SIDD a user could be prompted to to consider the implications and select values that cannot be easily connected with them individually or some physical location. True, some, perhaps many, will not care and that is their choice.

    3. Ray

      I believe that the WiFi location database is indexed on WiFi hardware MAC address, not the SSID.

    4. Ray

      I believe that the WiFi location database is indexed to the hardware MAC address not the SSID, which is user defined.

  2. JMaddox

    The 11 series of phones have and new chip call the U1. The U1 chip uses ultra-wideband technology for “spatial awareness”. Ultra-wideband is a short-range, low-power radio technology that is able to provide precise indoor positioning. Just guessing here… Apple may not have updated its OS to properly disable this location feature.

  3. fdisk2k

    I’ll stick with my Blackberry to be in the safe side.

  4. Smarty Pants

    Most people are going to have a smartphone and it’s going to be an Android or iPhone. There are no other real options.

    Privacy doesn’t seem to be that important to consumers. If it were, consumers would demand that there be more choice (i.e. besides Android or iPhone) or that the available choices offer real privacy options on each device.

    Google and Apple are always going to have information about you that you don’t want shared because there is no downside for them. They make more money if they take advantage of their market dominance to gather, use and sell your data.

    So, lack of choice, lack of concern from consumers about privacy, and market factors that make big companies even more money mean that privacy is dead. Sorry, but we (consumers) did this to ourselves.

    1. Herbert

      +1
      Phone: Android or Apple. It’s eggs and spam or bacon and spam (Monty Python).

      When there is quasi monopoly, the seller makes the choices, not the buyer.
      Android sounded quite nice at the beginning related to GNU stuff, but since it allows the phone builder to “customize” the OS and lock it, you usually end up with crap.
      Iphone is locked both on hardware and software, but at least you know it’s “a feature”.

      By the way, how could a consumer buy anything else? Most of people don’t have the knowledge required to see through the commercial arguments. And even if there was a third company providing safer OS and hardware but all your friends can’t exchange data with you ’cause apple or android would not allow this, what would you do?
      Have been often confronted to people either on apple or windows unable to communicate with each other. I use linux which does the job, but it has such a reputation as a “pure geek stuff” (most of them believe that the linux UI is pure command line 😀 ) than none of my friends would try it.

  5. Jason

    Disturbing: “… The icon appears for system services that do not have a switch in Settings””

    Why would any app pass through the App Store that is not *required* to switch location tracking on or off.

    The option to disable tracking should be SOP.

  6. das

    From Apple on this issue:

    “Ultra wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” an Apple spokesperson told TechCrunch. “iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations.”

    “The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data,” the spokesperson said.

    That seems to back up what experts have discerned so far. Will Strafach, chief executive at Guardian Firewall and iOS security expert, said in a tweet that his analysis showed there was “no evidence” that any location data is sent to a remote server.

    Apple said it will provide a new dedicated toggle option for the feature in an upcoming iOS update.

  7. Jorge

    I found these problem since iOS 13.1 came out I contact Apple and after a month they told me is a bug and everything started with iOS 13.1 with iOS 13.0 never had that problem

  8. Daniel

    Since the ball is now rolling… There are other privacy-related issues as well, and we should start “lobbying” for the resolution of all of them.

    My accidental discoveries so far:

    -cellular data usage under System Services: lots of items I don’t use seem to eat data: iTunes Accounts, iTunes Media Services, Mapping Services (!), Diagnostics (not sharing those with Apple at all!), Messaging Services (I don’t use iMessages), Media Services…

    -I used the tool to download all my data on their servers some time ago. I was surprised to see some things there which I had used briefly in the past, and shouldn’t have been there anymore (and no option to have them deleted–clearly in violation of GDPR), e.g. Safari bookmarks, some “invisible” stuff in iCloud drive (not visible in the regular web interface), old Game Center data… and then there was a large file called “Apps And Service Analytics.csv” containing lots of data on apps and their usage (again, the setting to share analytics etc. has always been off on my side).

    I’m not saying Apple is a bad guy now, but in some areas they need much more transparency and tweakability, if their commitment to user privacy is like they always claim it to be.

  9. Matthew

    Retraction:

    My comments were based on what I _thought_ Krebs wrote based on what “TechCrunch” said he wrote, which he did not. I posted my comment based on an incorrect assumption that “TechCrunch” and others were reporting accurately, and only after I submitted the comment thought to peruse Krebs’ article for the assertions the other articles claimed he had made, and I couldn’t find them. I see no assertion that iOS sent location data or that Apple “collected” any. I’m sorry I fell for sensationalist press garbage and believed their claims that Krebs had made such asinine assertions. I should have known “TechCrunch” was in the garbage category already, and even without that I should have read the original article well before commenting.

  10. Alan Baker

    One little problem, the text you quote is NOT from Apple’s privacy policy.

    The pop-up document you quote, “Location Services & Privacy”, ends with this:

    “Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at http://www.apple.com/privacy

    That is proof positive that what you’ve quoted is NOT Apple’s privacy policy.

Comments are closed.